0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libnetwork/iptables: (Add|Del)InterfaceFirewalld: check firewalld status

Browse source 
Check if firewalld is running before running the function, so that consumers
of the function don't have to check for the status.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2023-08-15 18:23:39 +02:00
parent 0e3b2ec267
commit aecfa55c4c
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
2 changed files with 20 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
libnetwork/iptables/firewalld.go
View file

@ -243,8 +243,13 @@ func setupDockerZone() error {
return nil
}
// AddInterfaceFirewalld adds the interface to the trusted zone
// AddInterfaceFirewalld adds the interface to the trusted zone. It is a
// no-op if firewalld is not running.
func AddInterfaceFirewalld(intf string) error {
if !firewalldRunning {
return nil
}
var intfs []string
// Check if interface is already added to the zone
if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
@ -264,8 +269,13 @@ func AddInterfaceFirewalld(intf string) error {
return nil
}
// DelInterfaceFirewalld removes the interface from the trusted zone
// DelInterfaceFirewalld removes the interface from the trusted zone It is a
// no-op if firewalld is not running.
func DelInterfaceFirewalld(intf string) error {
if !firewalldRunning {
return nil
}
var intfs []string
// Check if interface is part of the zone
if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {

18
libnetwork/iptables/iptables.go
View file

@ -203,16 +203,14 @@ func (iptable IPTable) ProgramChain(c *ChainInfo, bridgeName string, hairpinMode
return errors.New("could not program chain, missing chain name")
}
// Either add or remove the interface from the firewalld zone
if firewalldRunning {
if enable {
if err := AddInterfaceFirewalld(bridgeName); err != nil {
return err
}
} else {
if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
return err
}
// Either add or remove the interface from the firewalld zone, if firewalld is running.
if enable {
if err := AddInterfaceFirewalld(bridgeName); err != nil {
return err
}
} else {
if err := DelInterfaceFirewalld(bridgeName); err != nil && !errdefs.IsNotFound(err) {
return err
}
}